- Vulnerability/
- CVE-2024-2193
CVE-2024-2193: Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
First published: Tue Mar 12 2024(Updated: )
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Next (LTM) | >=20.0.1<=20.1.0 | |
| F5 BIG-IP Next Central Manager | >=20.0.1<=20.2.0 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=17.1.0<=17.1.1 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.4 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.10 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=8.1.0<=8.3.0 | |
| F5 F5OS-A | =1.7.0>=1.5.1<=1.5.2 | |
| F5 F5OS-C | >=1.6.0<=1.6.2 | |
| F5 Traffix Systems Signaling Delivery Controller | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.theregister.com/2024/03/13/patch_tuesday_march_2024/
- http://www.openwall.com/lists/oss-security/2024/03/12/14
- https://download.vusec.net/papers/ghostrace_sec24.pdf
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23
- https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace
- https://kb.cert.org/vuls/id/488902
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html
- https://www.kb.cert.org/vuls/id/488902
- https://www.vusec.net/projects/ghostrace/
- https://xenbits.xen.org/xsa/advisory-453.html
- https://my.f5.com/manage/s/article/K000139682
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2024-2193?
CVE-2024-2193 is considered a high-severity vulnerability due to its potential for unauthorized data disclosure.
How do I fix CVE-2024-2193?
To mitigate CVE-2024-2193, apply the latest security patches provided by F5 for affected products.
Which products are affected by CVE-2024-2193?
CVE-2024-2193 impacts several F5 products including BIG-IP Next, BIG-IP, BIG-IQ Centralized Management, and F5OS.
What type of attack can exploit CVE-2024-2193?
CVE-2024-2193 can be exploited by unauthenticated attackers using speculative execution techniques to access sensitive data.
How can I identify if my system is vulnerable to CVE-2024-2193?
Check the version of your F5 products against the specified vulnerable ranges for CVE-2024-2193 to determine if your system is at risk.
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-2193
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-21407
- alias/CVE-2024-21408
- alias/CVE-2024-21334
- alias/CVE-2024-21400
- alias/CVE-2023-32666
- alias/CVE-2023-32282
- alias/CVE-2023-20214
- alias/CVE-2024-20337
- alias/CVE-2024-0039
- alias/CVE-2024-23717
- alias/CVE-2023-42789
- alias/CVE-2023-42790
- alias/CVE-2023-48788
- alias/CVE-2023-47534
- alias/CVE-2023-36554
- alias/CVE-2024-23112
- alias/CVE-2023-46717
- agent/title
- agent/type
- agent/description
- agent/news-ai
- agent/author
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/f5-advisory
- source/F5
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/f5
- canonical/f5 big-ip next (ltm)
- version/f5 big-ip next (ltm)/20.0.1
- version/f5 big-ip next (ltm)/20.1.0
- canonical/f5 big-ip next central manager
- version/f5 big-ip next central manager/20.0.1
- version/f5 big-ip next central manager/20.2.0
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/17.1.0
- version/f5 big-ip and big-iq centralized management/17.1.1
- version/f5 big-ip and big-iq centralized management/16.1.0
- version/f5 big-ip and big-iq centralized management/16.1.4
- version/f5 big-ip and big-iq centralized management/15.1.0
- version/f5 big-ip and big-iq centralized management/15.1.10
- version/f5 big-ip and big-iq centralized management/8.1.0
- version/f5 big-ip and big-iq centralized management/8.3.0
- canonical/f5 f5os-a
- version/f5 f5os-a/1.7.0
- version/f5 f5os-a/1.5.1
- version/f5 f5os-a/1.5.2
- canonical/f5 f5os-c
- version/f5 f5os-c/1.6.0
- version/f5 f5os-c/1.6.2
- canonical/f5 traffix systems signaling delivery controller
- version/f5 traffix systems signaling delivery controller/5.2